CVE-2010-0152

🗓️ 14 Sep 2010 16:39:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 41 Views🌐 WEB

CVE-2010-0152 Multiple cross-site scripting vulnerabilities in IBM Proventia Network Mail Security System (PNMSS)

Reporter	Title	Published	Views	Family All 7
Cvelist	CVE-2010-0152	14 Sep 201016:39	–	cvelist
EUVD	EUVD-2010-0184	7 Oct 202500:30	–	euvd
NVD	CVE-2010-0152	14 Sep 201017:00	–	nvd
Packet Storm	Proventia Network Mail Security System Cross Site Scripting	14 Sep 201000:00	–	packetstorm
Prion	Cross site scripting	14 Sep 201017:00	–	prion
securityvulns	MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities	14 Sep 201000:00	–	securityvulns
securityvulns	IBM Proventia Mail Security System multiple security vulnerabilities	14 Sep 201000:00	–	securityvulns

NVD

Node

AND

Source	Link
securityfocus	www.securityfocus.com/archive/1/513629/100/0/threaded
ventuneac	www.ventuneac.net/security-advisories/MVSA-10-007

Parameter	Position	Path	Description	CWE
date1	query param	pvm_messagestore.php	Reflected or stored XSS via date1 parameter in pvm_messagestore.php	CWE-79
userfilter	query param	pvm_user_management.php	XSS via userfilter parameter in pvm_user_management.php	CWE-79
ping	query param	sys_tools.php	XSS via ping parameter in sys_tools.php	CWE-79
action	query param	pvm_cert_commaction.php	XSS via action parameter in pvm_cert_commaction.php	CWE-79
action	query param	pvm_cert_serveraction.php	XSS via action parameter in pvm_cert_serveraction.php	CWE-79
action	query param	pvm_smtpstore.php	XSS via action (and id) parameters in pvm_smtpstore.php	CWE-79
id	query param	pvm_smtpstore.php	XSS via action (and id) parameters in pvm_smtpstore.php	CWE-79
l	query param	sla/index.php	XSS via l parameter in sla/index.php	CWE-79

29 Apr 2026 01:13Current

5.2Medium risk

Vulners AI Score5.2

CVSS 24.3

EPSS0.00202